The block cipher decryption logic in GnuTLS assumed that any
record whose data length was a multiple of the block size
was valid for further decryption processing, leading to
a heap corruption vulnerability.

Various functions using the ASN.1 length decoding logic in
Libtasn1 incorrectly assumed that the return value from
asn1_get_length_der is always less than the length of the
enclosing ASN.1 structure. That holds only for valid
structures, not for intentionally corrupt or otherwise
buggy ones.
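
The missing length check described above, as an added example that is not code from Libtasn1 or GnuTLS. The function names and sample byte arrays are hypothetical and constructed for illustration, and the decoder handles only definite lengths of up to three length bytes.

```c
#include <stddef.h>

/* Hypothetical decoder (not libtasn1 code): parse the DER length field at p.
 * Returns the declared content length, or -1 if the field is malformed;
 * *hdr receives the size of the length field itself. */
static long der_read_length(const unsigned char *p, size_t avail, size_t *hdr)
{
    if (avail == 0)
        return -1;
    if (!(p[0] & 0x80)) {               /* short form: one byte, 0..127 */
        *hdr = 1;
        return p[0];
    }
    size_t n = p[0] & 0x7f;             /* long form: n length bytes follow */
    if (n == 0 || n > 3 || n >= avail)  /* indefinite, oversized, truncated */
        return -1;
    long len = 0;
    for (size_t i = 1; i <= n; i++)
        len = (len << 8) | p[i];
    *hdr = 1 + n;
    return len;
}

/* Flawed pattern: the declared length is returned to the caller as-is. */
long content_len_unchecked(const unsigned char *der, size_t der_len)
{
    size_t hdr;
    return der_len < 2 ? -1 : der_read_length(der + 1, der_len - 1, &hdr);
}

/* Corrected pattern: the declared length must fit in the bytes that remain
 * in the enclosing buffer after the tag and the length field. */
long content_len_checked(const unsigned char *der, size_t der_len)
{
    size_t hdr;
    long len = der_len < 2 ? -1 : der_read_length(der + 1, der_len - 1, &hdr);
    if (len < 0 || (size_t)len > der_len - 1 - hdr)
        return -1;
    return len;
}

/* Constructed samples: a valid OCTET STRING and two with inflated lengths. */
const unsigned char sample_valid[] = { 0x04, 0x03, 'A', 'B', 'C' };
const unsigned char sample_short[] = { 0x04, 0x7f, 'A', 'B', 'C' };
const unsigned char sample_long[]  = { 0x04, 0x82, 0x10, 0x00, 'A' };

int main(void) { return content_len_checked(sample_long, sizeof sample_long) == -1 ? 0 : 1; }
```

For the two inflated samples the unchecked variant reports 127 and 4096 content bytes inside a 5-byte buffer, while the checked variant rejects both.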
